access-list outside_In permit ip any any

ssbmcmanus · ‎06-29-2016

Just logged into new client's firewall

And I came across the above access list applied to the outside interface inbound.

Does that mean I am allowing everyone one on every port in?

Joseph W. Doherty · ‎06-29-2016

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

So it would appear, but without knowing the actual FW device, and its remaining config, cannot be positive.

ssbmcmanus · ‎06-29-2016

access-group outside_in in interface Outside

):0

Like I said in original post in outside interface

I posted this thinking in can't be correct in thinking that FW was open to outside from any ip

but it looks like it is and was just wanting a confirmation

Richard Burts · ‎06-30-2016

Based on the limited information that you posted it does indicate that the firewall is open and accepts any traffic sent to it from the Internet.

HTH

Rick

HTH

Rick

Cisco Freak · ‎06-29-2016

Please check the output of 'show run access-group' and find out to which interface this ACL is mapped to?

CF